Customers of a computing resource service provider or other service providers often store sensitive information using a variety of services provided by these service providers. To ensure the security of this sensitive information, the customers of these service providers often use cryptographic keys to encrypt the sensitive information. The cryptographic keys may be managed by these service providers, which may control access to the cryptographic keys and enable authorized users to access these cryptographic keys. However, some users of these cryptographic keys may have malicious intent that is unknown to the customers of the computing resource service provider. Preventing against such users is complex and may require extensive use of monitoring resources to discover.